Dariush Debian Diary

xset m 6
[/Tips] permanent link

Stable release (18a) http://eyck.forumakad.pl/Projects/bsd/18a/, is just 17j renamed, there were no issues found with 17j.
[/Projects/bsd] permanent link

( error message : "

 (20014)Error string not specified yet: Expected version '3' of repository; found version '2'
Could not fetch resource information.  [500, #0]
Could not open the requested SVN filesystem  [500, #165005]
(84)Invalid or incomplete multibyte or wide character: Could not open the requested SVN filesystem  [500, #165005]

" )

svnadmin-0.33.0-0.backports.org.1 dump /var/lib/svn/  > svn.0.33.dump

Now it's ideal time for:

cat svn.0.33.dump | svndumpfilter exclude diskspace.hogging.test.repository  |gzip -1 >  svn.0.33.dump.without.sht.gz

And now, for the grand finale:

svnadmin create /var/lib/svn
cat svn.0.33.dump | svnadmin load /var/lib/svn/

[/Howto] permanent link

   smime_keys -init

[] permanent link

http://anduin.net/jailctl/
[/Projects/vserver] permanent link

For xfs, try this:

/dev/hde3 on /var/spool type xfs (rw,noexec,nosuid,noatime,osyncisdsync)

But supposedly the best fs for squid is reiserfs, and you may like those options:

reiserfs (rw,noexec,nosuid,nodev,noatime,nodiratime,notail,block-allocator=noborder)

Nice thing to remember is that squid is very HDD intensive application, so it's rather unwise to run in on anything slower then SCSI (like you can see above I'm running it ;) is asking for trouble... and dumb.

You should also consider oops instead of squid for following reasons:

• oops is more lightweight then squid
• it's way easier to set up and configure.
• oopsctl stat provides hot stats in nice format
• oops can use raw partitions as it's cache.
• oops very quick to stop and start. ( try /etc/init.d/oops restart -> few seconds, try /etc/init.d/squid restart -> few minutes ). And you don't wan't your users waiting for few minutes when you change something simple but requiring restart.
• oops provides special for for transparent proxy ( with squid you can use either transproxy programm, or configure your squid as transproxy, but if you do, prepare for troubles when you use it also as normal proxy)
• squid is rather old code, oops is young and developing vigorously. It's code is cleaner and smaller ( squid is well tested, but contains lots and lots of cruft accumulated for years).
• oops uses single file as it's spool, not some clunky array of arrays of directories. Way easier to manage.

Update:

Based on: http://conferences.oreillynet.com/presentations/os2002/wessels_duane.ppt best filesystem for squid cache is ext2fs, and worst is xfs ( no wonder... ). second best filesystem for squid seems to be reiserfs (notail,noatime), but ext2 is twice as fast as reiserfs in this scenario.
[/Tips] permanent link

Todays release (17i), http://eyck.forumakad.pl/Projects/bsd/17i/ contains

• lufs 0.9.7

[/Projects/bsd] permanent link

Todays release (17h), http://eyck.forumakad.pl/Projects/bsd/17h/ contains

• updated mount -o ro,bind patch from Herbert of Vserver fame (0.4 pre-release)
• reemoved old framebuffer logos
• mppe/mppc module downgraded to avoid 'PFC bug'

Warnings:

1. netconsole is not yet final, don't use it on production machines
2. Same goes for mount -o ro,noatime,bind option

[/Projects/bsd] permanent link

Todays release (17f), https://ghost.anime.pl/~eyck/Projects/bsd/17f/ contains

• updated mount -o ro,bind patch from Herbert of Vserver fame
• updated netconsole patch
• re-added mga_vid driver for matrox and radeon cards
• re-added old OCFS (Oracle Cluster Filesystem)
• re-added old framebuffer logos

Warnings:

1. 17f includes Jan Dubiec's newest mppe/mppc module. Unfortunatelly it contains fix for 'PFC bug', which, unless you're affected by 'PFC bug', triggers 'PFC bug'. 17g will be available with older (0.98) version of this module
2. netconsole patch should not be trusted. As Herbert Poezl says:

   11:51 < Bertl> eyck: it seems that some parts of the netpoll api ahve sneaked in for the following cards:
   11:52 < Bertl> net/8139cp.c, net/b44.c, e1000/e1000, net/gt64240eth.c, net/mv64340, net/tg3.c
   

   thus, you should be cautious with using this feature on those cards.

[/Projects/bsd] permanent link

val {
    local $SIG{ALRM} = sub { die "alarm timeout" };
    local $SIG{__DIE__} = sub { alarm 0; die @_ };
    alarm $timeout;
    # operation you're waiting on which might die()
    # in the grandparent post, this was 
    # $line=<$child>
    alarm 0;        # cancel the alarm
};
die $@ if $@ && $@ !~ /alarm timeout/;
if ($@) {
    # Whatever you want on an alarm timeout
}

( from perlmonks post by fizbin ):w

[/Perl] permanent link

Release (17e), https://ghost.anime.pl/~eyck/Projects/bsd/17e/ contains

• XFS ACL - xfs enter mainline kernel, but unfortunatelly stripped-down :(, this brings back some of expected functionality
• XFS DMAPI
• epoll - /dev/epoll
• squashfs - add this line deb http://eyck.forumakad.pl/woody/squashfs/ ./ to your /etc/apt/sources.list to get some userspace squashfs-tools
• mount -o ro,bind patch( from vserver's Herbert )
• netconsole logging patch ( from vserver's Herbert )[BROKEN!]

[/Projects/bsd] permanent link

deb http://www.backports.org/debian woody amavis-ng deb http://www.backports.org/debian woody clamav #clamav: deb http://people.debian.org/~aurel32/BACKPORTS stable main

apt-get install amavisd-new clamavis-daemon

For exim.conf: trusted_users = mail:amavis . . . . amavis_smtp: driver = smtp hosts = localhost port = 10024 allow_localhost hosts_override end ###################################################################### # DIRECTORS CONFIGURATION # # Specifies how local addresses are handled # ###################################################################### # ORDER DOES MATTER # # A local address is passed to each in turn until it is accepted. # ###################################################################### amavis_director: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = smartuser transport = amavis_smtp verify = false . . . . ###################################################################### # ROUTERS CONFIGURATION # # Specifies how remote addresses are handled # ###################################################################### # ORDER DOES MATTER # # A remote address is passed to each in turn until it is accepted. # ###################################################################### amavis_router: condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}" driver = domainlist transport = amavis_smtp verify = false route_list = * localhost byname self = send uncomment exim3 settings from amavisd-new, restart it.. optionally comment out spamassassin-disabling line..
[/Howto] permanent link

1. mount -o bind,ro http://vserver.13thfloor.at/Experimental/patch-2.4.25-rc3-vs1.26-bme0.04.diff
2. near-instantenious creation of vservers
3. single configuration for zone - what devices it needs, what directories to import, comment ..
4. IPv6 support
5. Some types of filesystems should be mountable inside vservers... some shouldn't. There's someone doing work on something similiar in 2.6.x tree ( user-mountable filesystems )
6. Extended auditing inside zones
7. 'privilege' set
8. well-thought ability to use raw devices inside vserver (?)

[/Todo] permanent link

TODO: prepare similiar tools for vserver, From: John Beck Newsgroups: comp.unix.solaris Subject: Introducing Solaris Zones Date: Wed, 25 Feb 2004 22:23:34 +0000 (UTC) Organization: Sun.Software.Solaris Lines: 173 Message-ID: NNTP-Posting-Host: opal.sfbay.sun.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: news1nwk.SFbay.Sun.COM 1077747814 2188 129.146.86.88 (25 Feb 2004 22:23:34 GMT) X-Complaints-To: usenet@news1nwk.sfbay.sun.com NNTP-Posting-Date: Wed, 25 Feb 2004 22:23:34 +0000 (UTC) X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.3 Hello world, Solaris Express 02/04 is now available, and this post is to announce one of the exciting new features, a means of partitioning a single Solaris instance into isolated application environments called "zones." (Note that Zones and Resource Management are related subsets of "N1 Grid Containers"; N1GC = S10RM + Zones.) Each zone can be separately administered and each zone can run an independent set of applications. Zones allow one or more processes to run in isolation from other activity on the system. Processes running in a given zone cannot monitor or affect processes running in other zones. For example, a process running in a zone will only be able to send signals to other processes in the same zone, regardless of user id and other credential information. Likewise, processes in zones will be unable to control global aspects of the system configuration such as run level, most physical devices, and network routing tables. (The exception is the global zone, which is discussed under Security, below.) Features: * Security Network services can be run in a zone, limiting the potential damage in the event of a security violation. No process running within a zone, even one with superuser credentials, is allowed to affect activity in other zones. Certain activities, such as rebooting or shutting down the system as a whole, will only be permitted in the global zone. An administrator logged into the global zone can monitor the activity of applications running in other zones and control the system as a whole. The global, or default, zone will always exist. * Isolation Zones allow the deployment of multiple applications on the same machine, even if the applications operate in different trust domains, require exclusive use of a global resource, or present difficulties with global configurations. Individual zones can have their own set of users and their own root password and when rebooted, any other zones running on the system are unaffected. * Virtualization Zones provide a virtualized environment that can hide details such as physical devices and the system's primary IP address and host name from the application. This can be useful in supporting rapid deployment and redeployment of applications since the same environment can be maintained on different physical machines. * Granularity Zones can provide isolation at almost arbitrary granularity. A zone does not require a dedicated CPU, physical device, or chunk of physical memory. These resources can either be multiplexed across a number of zones running within a single system, or allocated on a per-zone basis using resource management features available in the operating system. * Transparency Zones avoid changing the environment in which applications execute except when necessary to achieve the goals of security and isolation. Zones do not present a new API or ABI to which applications must be ported. Instead, they provide the standard Solaris interfaces and application environment, with some restrictions that affect applications attempting to perform privileged operations. Here is a sample session of a configuring, installing and booting a zone; note that the zlogin command in the second window is run between commands 7 and 8 in the first window. ----- cut here: start first window ----- [root:1] zoneadm list -cv ID NAME STATUS PATH 0 global running / [root:2] zonecfg -z luke luke: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:luke> create zonecfg:luke> set zonepath=/export/home/luke zonecfg:luke> set autoboot=true zonecfg:luke> add inherit-pkg-dir zonecfg:luke:inherit-pkg-dir> set dir=/opt zonecfg:luke:inherit-pkg-dir> end zonecfg:luke> add net zonecfg:luke:net> set address=129.146.86.66/24 zonecfg:luke:net> set physical=eri0 zonecfg:luke:net> end zonecfg:luke> verify zonecfg:luke> commit zonecfg:luke> ^D [root:3] zoneadm list -cv ID NAME STATUS PATH 0 global running / - luke configured /export/home/luke [root:4] zoneadm -z luke install Preparing to install zone . Creating list of files to copy from the global zone. Copying <2203> files to the zone. Initializing zone product registry. Determining zone package initialization order. Preparing to initialize <905> packages on the zone. Initialized <905> packages on zone. Successfully initialized zone . [root:5] zoneadm list -cv ID NAME STATUS PATH 0 global running / - luke installed /export/home/luke [root:6] cat /usr/local/etc/luke.sysidcfg system_locale=C terminal=xterm network_interface=primary { hostname=luke } security_policy=NONE name_service=NIS { domain_name=sunsoft.eng.sun.com } timezone=US/Pacific root_password=4bw/KFH3xRPUE [root:7] cp /usr/local/etc/luke.sysidcfg /export/home/luke/root/etc/sysidcfg [root:8] zoneadm -z luke boot [root:9] zoneadm list -cv ID NAME STATUS PATH 0 global running / 1 luke running /export/home/luke [root:10] ----- cut here: end first window ----- ----- cut here: start second window ----- [root:1] zlogin -C luke [Connected to zone 'luke' console] [NOTICE: zone booting up] SunOS Release 5.10 Version s10_51 64-bit Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Hostname: luke The system is coming up. Please wait. starting rpc services: rpcbind keyserv ypbind done. rebooting system due to change(s) in /etc/default/init [NOTICE: zone rebooting] SunOS Release 5.10 Version s10_51 64-bit Copyright 1983-2004 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Hostname: luke The system is coming up. Please wait. NIS domain name is sunsoft.eng.sun.com starting rpc services: rpcbind keyserv ypbind done. syslog service starting. /etc/mail/aliases: 12 aliases, longest 10 bytes, 138 bytes total Creating new rsa public/private host key pair Creating new dsa public/private host key pair The system is ready. luke console login: ----- cut here: end second window ----- We encourage you to check out the AnswerBook at BigAdmin: http://www.sun.com/bigadmin/content/zones Or better yet, go to: http://wwws.sun.com/software/solaris/solaris-express/get.html There you can download Solaris Express 02/04 and try Zones yourself! Enjoy, -- John Beck and the rest of the Zones team
[/Todo] permanent link

those include: nfs, webdav, sshfs, openafs, coda, etc etc... Usefull stuff for nfs: mount options: rsize=8192,wsize=8192 ( default is 1024 and makes nfs slow, but is required for old nfsv2 servers ) soft ( soft If an NFS file operation has a major timeout then report an I/O error to the calling program. The default is to continue retrying NFS file operations indefinitely. ), hard is very very very bad when your nfs server dies ( or if network dies ) intr If an NFS file operation has a major timeout and it is hard mounted, then allow signals to interupt the file operation and cause it to return EINTR to the calling program. The default is to not allow file operations to be interrupted. retry=n The number of minutes to retry an NFS mount operation in the foreground or background before giving up. The default value is 10000 minutes, which is roughly one week. http://www.fs.net/
[] permanent link

aka Stackable Filesystems.. aka ... exists in stable *BSDs for years as mount option.. http://www.almesberger.net/epfl/ifs.html
[] permanent link